When people talk about breaking encryption, most of the time they think about breaking public key encryption.
Public key encryption is based on the idea that Alice and Bob meet on the internet and want to share encrypted information. They can then share public keys, do some simple and fast mathematical operations on them, do some more operations, and now they're ready to transmit encrypted data. The clever part here is that they don't have to agree on an encryption code before they "meet" on the internet, enabling encrypted traffic between strangers.
This is because that even though Eve, who wants to spy on them, has picked up the data they transmitted between them to establish an encryption protocol, without Alice's or Bob's chosen private key (a very large prime number) she can't effectively "crack the code". The difficulty of the problem is basically one of factorizing a very large number that is the product of 2 very large primes. This just takes a really, really long time ("standard" professional current encryption takes months on supercomputers and 10,000ths of distributed computers to crack today). Build faster computers for cracking codes you say? The problem is that the complexity increases exponentially for the hacker - if computers get 1,000 times faster, the encrypters increase the complexity by 1,000 and are able to do their operations in the same time, while it now gets 1,000,000 times harder for the hacker so it now takes 1,000 times as long. The hacker just gets further and further behind as technology increases.
There are 2 potential ways to, in the future, hack encryption fast:
1) develop a mathematical method to quickly integer factorize large numbers by conventional means. It has not been proven that this isn't possible, but everyone expects that it can't be done. I wouldn't put my money on this.
2) develop efficient quantum computers. Quantum computers can do some operations that theoretically lets them integer factorize "quickly" and they don't get hit by exponentional complexity as the encrypters increase the size of the prime numbers.
Your average cyberdeck in 2070 obviously has a quantum computing module in there, letting it decrypt intercepted data quickly and easily.
All of this is however based on the premise of public key encryption, which is the only way to do it for communication strangers. People who are not strangers don't use public keys though. They use one time codes. Before you separate, you agree on a list with a number of codes, which are basically just long strings of random numbers you use to encrypt the data. There isn't a mathematical pattern to them, and the hacker doesn't have anything he can number crunch.
This is what a rigger would do with his drones. Back in the shop, he makes a one-time pad with each drone. What a hacker trying to intercept the traffic would hear is "Use code 23113132 [static for 100 milliseconds] Use code 654651651 [static for 100 milliseconds]". This can't be decrypted - there's no pattern, no numbers to crunch, nothing. The drone only accepts encrypted traffic, and the hacker can't spoof and encrypt a message - he doesn't know the encodings, so if he tries to send "Use code 7654435 [command]", the drone decrypts the command and gets static, so it disregards it.
The only ways to hack a drone is
1) hack the cyberdeck of the rigger and get hold of the one-time pads (or got hold off them in some other way, like from his drone shop)
2) if the rigger enables the drone to accept normal communication traffic.
Everything else is just plain unrealistic.
This goes for encrypted comms between professional forces too btw.
Full Version: Encryption and hacking drones
Althrough I can see what you mean. I myself would never run it like that it would take away a cool aspect of the game.
but it would add a very cool, very different other aspect. because from now on, you can't just hand encryption over to the hacker and have him wave his magic wand--you have to hack. that might mean a sneak-and-peak through a corporate office to see if anyone left their password written down at their desk. that might mean social engineering to convince an employee to give your team access. that might mean structural re-engineering on an employee's shins, for the same reason. etcetera.
Hmm... this rigger is using one time codes...
... let me see, spam his drone with random code commands to tear away at his drone's pad and now he cant use his own drone till he himself catches up... but everytime he tries, the drone moves up in the count again, so its a crapshoot if he gets the next one right and continues on from there...
Thats the problem with the one time pad method. Everytime you use or recieve an encrypted message, you have to discard the current code.
... let me see, spam his drone with random code commands to tear away at his drone's pad and now he cant use his own drone till he himself catches up... but everytime he tries, the drone moves up in the count again, so its a crapshoot if he gets the next one right and continues on from there...
Thats the problem with the one time pad method. Everytime you use or recieve an encrypted message, you have to discard the current code.
that only works if you can find his drone. and if the rigger doesn't find you and have his team shoot you in the face, because you're giving away your location with all those massive transmissions.
besides, spamming the drone with random commands won't work. you'd have to get insanely lucky to get an actual command out of random noise within any reasonable time frame--that's the whole point of good encryption. all you're doing with random noise transmissions is, basically, trying to crack the encryption with brute force. the encryption we use today would take, at a minimum, years to crack that way.
besides, spamming the drone with random commands won't work. you'd have to get insanely lucky to get an actual command out of random noise within any reasonable time frame--that's the whole point of good encryption. all you're doing with random noise transmissions is, basically, trying to crack the encryption with brute force. the encryption we use today would take, at a minimum, years to crack that way.
| QUOTE (Konsaki) |
| Hmm... this rigger is using one time codes... ... let me see, spam his drone with random code commands to tear away at his drone's pad and now he cant use his own drone till he himself catches up... but everytime he tries, the drone moves up in the count again, so its a crapshoot if he gets the next one right and continues on from there... Thats the problem with the one time pad method. Everytime you use or recieve an encrypted message, you have to discard the current code. |
You don't have to discard any codes if you don't want to. Random code commands with incorrectly encrypted content means that it hasn't been compromised.
| QUOTE (mfb) |
| all you're doing with random noise transmissions is, basically, trying to crack the encryption with brute force. the encryption we use today would take, at a minimum, years to crack that way. |
It's not even really trying to crack it. Even if you do get lucky and hit a random string that gets interpreted as a command, you haven't cracked anything and can't use that to encrypt or decrypt anything
true. even so, the likelihood of getting a useable response--and i'm including random actions and malfuctions as useable responses--within a reasonable timeframe is vanishingly low.
Shadowrun is not about realism. Its about a certain kind of game experience.
I agree that the current hacking rules do not deliver this experience, as Joe Hacker can hack the most advanced encryption out there in about 18 seconds, but one time pad encryption does not deliver this game experience, too.
You basically want a rule where you take a little longer to decrypt things and where you may not succeed for sure if the encryption is too hard.
I agree that the current hacking rules do not deliver this experience, as Joe Hacker can hack the most advanced encryption out there in about 18 seconds, but one time pad encryption does not deliver this game experience, too.
You basically want a rule where you take a little longer to decrypt things and where you may not succeed for sure if the encryption is too hard.
Using OTPs for transmissions requires packet-encryption, using codes that never are used twice: Not for encoding, nor in another drone.
The code-jumps you proposed are irrelevant to the encryption itself.
Enter old problem: source of random data. Real randomness isn't easy to come by, and much harder to generate.
Drones transmit huge amounts of data, especially if jumping into them. As they need exactly the same amount of data for codes as those are used up, you need huge libraries, which, depending on the mission lenght, might even stretch the 'unlimited storage' of SR4.
If you lose a drone, you lose the data completly, too.
So, basically, that setup might work some time, but it will be inpractical on the long run.
OTPs are great for secret communication of short messages, as they can be used to encrypt manually, though.
The code-jumps you proposed are irrelevant to the encryption itself.
Enter old problem: source of random data. Real randomness isn't easy to come by, and much harder to generate.
Drones transmit huge amounts of data, especially if jumping into them. As they need exactly the same amount of data for codes as those are used up, you need huge libraries, which, depending on the mission lenght, might even stretch the 'unlimited storage' of SR4.
If you lose a drone, you lose the data completly, too.
So, basically, that setup might work some time, but it will be inpractical on the long run.
OTPs are great for secret communication of short messages, as they can be used to encrypt manually, though.
@RvD: The code jumps aren't necessary for encryption, they're there to ensure that you both agree on where you are in the encoding stream. It's a necessity when operating in environments where the parties sometimes lose contact.
You're taking the onetime pad name too literally. Most likely the codes will contain seeds for one or more semi-random functions that tells you how to encrypt the data with real random data. So a code might be 2-part, one says what semi-random function to use, the other is a table index that you look up a seed with. The semi-random function plus seed then gives you a long output that tells you what snippets to use from the real random data stream you've stored.
Something like that gives you effectively unlimited streams for encrypting. If it is not enough for you, then that scheme can be made a lot more random and given a lot more combinations. A combination of semi-random functions, tables that only Alice and Bob knows, and a large common real random data file, and you've got something that can keep on spewing out random data without repeating itself for ages without the need for unrealisticly large pads.
You're taking the onetime pad name too literally. Most likely the codes will contain seeds for one or more semi-random functions that tells you how to encrypt the data with real random data. So a code might be 2-part, one says what semi-random function to use, the other is a table index that you look up a seed with. The semi-random function plus seed then gives you a long output that tells you what snippets to use from the real random data stream you've stored.
Something like that gives you effectively unlimited streams for encrypting. If it is not enough for you, then that scheme can be made a lot more random and given a lot more combinations. A combination of semi-random functions, tables that only Alice and Bob knows, and a large common real random data file, and you've got something that can keep on spewing out random data without repeating itself for ages without the need for unrealisticly large pads.
| QUOTE (Serbitar) |
| Shadowrun is not about realism. Its about a certain kind of game experience. I agree that the current hacking rules do not deliver this experience, as Joe Hacker can hack the most advanced encryption out there in about 18 seconds, but one time pad encryption does not deliver this game experience, too. You basically want a rule where you take a little longer to decrypt things and where you may not succeed for sure if the encryption is too hard. |
If Joe Hacker tries to roll 6 dice 6 times, he'll glitch 32% of the time.
Certainly, I'm no cryptoanalyst, but that approach sounds like snake-oil:
Essentially it still is an OTP that is reused, but shifts the start and ending of that pad with a PRNG. This removes the proven security of an OTP, and the PRNG opens the possibility of pattern matching attacks.
As the OTPs algorithm itself is very easy, it is trival to break once you have exploited the PRNG for pattern matching.
This is especially true since the attacker has a very good guess what parts of the plaintext looks like, since the protocol for drone communication is standardized.
Essentially it still is an OTP that is reused, but shifts the start and ending of that pad with a PRNG. This removes the proven security of an OTP, and the PRNG opens the possibility of pattern matching attacks.
As the OTPs algorithm itself is very easy, it is trival to break once you have exploited the PRNG for pattern matching.
This is especially true since the attacker has a very good guess what parts of the plaintext looks like, since the protocol for drone communication is standardized.
The whole setup is really just making the OTP extremely large without using extreme amounts of storage.
At the very least, you must agree that you could easily store a very large random stream to start with as a basis for a OTP - you could measure it in terms of the drone's recording capacity. Say 2 hours worth. Before you can even start pattern matching, you need 2 hours of full sensor feed transmitted. After 4 hours, you have 1 run-through of the stream. That is much too little to get anything useful out of, at best you figure out just a bit of the encoding stream if you're really lucky with recognizing the actual data.
If I mixed the random stream, even with PRNG-based methods, you'd completely wipe out any pattern matching attemps. Pattern matching through something encoded with a random stream that's mixed up between each pass, and with the underlying data being very close to random too (by far the bulk of the data will be video feed or neural impulses) requires an incredible amount of intercepted data, and the power needed to analyze it would be enormous (and AFAIK quantum computing tricks can't help pattern analyze).
Hey, you could even have one random stream to encode with, and another random stream to determine how it gets mixed up after each pass (and another random stream to mix up the second etc., for as long as you need the chain to be). That sounds like it gives pattern matchers an exponential problem with only linear storage increase for the encryption.
At the very least, you must agree that you could easily store a very large random stream to start with as a basis for a OTP - you could measure it in terms of the drone's recording capacity. Say 2 hours worth. Before you can even start pattern matching, you need 2 hours of full sensor feed transmitted. After 4 hours, you have 1 run-through of the stream. That is much too little to get anything useful out of, at best you figure out just a bit of the encoding stream if you're really lucky with recognizing the actual data.
If I mixed the random stream, even with PRNG-based methods, you'd completely wipe out any pattern matching attemps. Pattern matching through something encoded with a random stream that's mixed up between each pass, and with the underlying data being very close to random too (by far the bulk of the data will be video feed or neural impulses) requires an incredible amount of intercepted data, and the power needed to analyze it would be enormous (and AFAIK quantum computing tricks can't help pattern analyze).
Hey, you could even have one random stream to encode with, and another random stream to determine how it gets mixed up after each pass (and another random stream to mix up the second etc., for as long as you need the chain to be). That sounds like it gives pattern matchers an exponential problem with only linear storage increase for the encryption.
Well, there are ways of completely cut of any kind of Spoofing attempt, and Encryption can always be slightly redesigned to take longer.
Standing order: Doublecheck command
Drone always doublecheck latest sent order from Persona (Spoofing will fail as the Spoofer does not get anything sent back to it, the drone checks if the order was genuine with Persona and says Ay or Nay if the response was correct or not.
Harder Encryption
There are several ways one can encrypt a signal or the information of a device.
1. Public Encryption
Public Encryption is the standard Encryption people have on their devices and one does not need any special skills for it. Decryption works as in SR4 Core Rules (Encrypt X2).
2. Secure Encryption
This requires an Encryption test and the successes are added to the Multiplier for cracking the encryption. A rating 4 Encryption and 4 successes on an Encryption test would raise the threshold to Encrypt X6.
3. Military Encryption
Works as Secure Encryption but takes considerably longer. Decrypt+Response VS (Encrypt [Rating] / 1 Hour).
Standing order: Doublecheck command
Drone always doublecheck latest sent order from Persona (Spoofing will fail as the Spoofer does not get anything sent back to it, the drone checks if the order was genuine with Persona and says Ay or Nay if the response was correct or not.
Harder Encryption
There are several ways one can encrypt a signal or the information of a device.
1. Public Encryption
Public Encryption is the standard Encryption people have on their devices and one does not need any special skills for it. Decryption works as in SR4 Core Rules (Encrypt X2).
2. Secure Encryption
This requires an Encryption test and the successes are added to the Multiplier for cracking the encryption. A rating 4 Encryption and 4 successes on an Encryption test would raise the threshold to Encrypt X6.
3. Military Encryption
Works as Secure Encryption but takes considerably longer. Decrypt+Response VS (Encrypt [Rating] / 1 Hour).
| QUOTE (Smokeskin @ Aug 21 2006, 07:01 AM) |
| If Joe Hacker tries to roll 6 dice 6 times, he'll glitch 32% of the time. |
1.) Joe Normal rolles 8 dice. He is in VR and gets a +2 bonus. He only has to roll 5 times with 8 dice, leading to a cumulative glitch probability of 14%
2.) Glitch does not interrupt the extended test. Only a critical test does. Actually, the chances of him failing due to a glitch that reduces his hits below 0 or of a critical glitch are somehwere of arround 5% percent.
3.) This is JoeNormal hacker vs fucking best encrpytion out there. A standard SR4 shadowrunner hacker will have response 6 and decrypt 6 and hack everything with 99.9% probability in an average of 6 Seconds.
Encyryption this way is just another dice roll that means noting. That is anti streamlining.
@The Jopp
Adding extra rules is anti streamlining, too. Just modifiy the existing rules that they make sense:
Realtime Encryption (traffic)
Decrypt + Electronic Warfare (encryption
rating x 4, encryption rating combat turns)
File Encryption
Decrypt + Electronic Warfare (encryption
rating x 4, encryption rating hours)
Limited by "electronic warfare" +1 rolls
| QUOTE (The Jopp) |
| Well, there are ways of completely cut of any kind of Spoofing attempt, and Encryption can always be slightly redesigned to take longer. Standing order: Doublecheck command Drone always doublecheck latest sent order from Persona (Spoofing will fail as the Spoofer does not get anything sent back to it, the drone checks if the order was genuine with Persona and says Ay or Nay if the response was correct or not. |
Except the hacker also picks up the (wireless) doublecheck request from the drone and spoofs an Ay response.
Also, every doublecheck request from the drone for the rigger's legitimate commands, the hacker spoofs a Nay response.
The drone ends up getting conflicting responses and is unable to act. Smart hackers combine this with jamming the rigger.
| QUOTE (Konsaki) |
| Hmm... this rigger is using one time codes... ... let me see, spam his drone with random code commands to tear away at his drone's pad and now he cant use his own drone till he himself catches up... but everytime he tries, the drone moves up in the count again, so its a crapshoot if he gets the next one right and continues on from there... Thats the problem with the one time pad method. Everytime you use or recieve an encrypted message, you have to discard the current code. |
Nope. If the message does not de-cyrpt correctly you don't advance your One time Pad counter. The message was clearly a fake, and so you stay in sync with the sender by not advanceing. Additionaly, every message could include an unencrypted offset telling the eother party where to look in the coe for it's next key. So long as no part of the code is ever re-used the snopper has no way to recover the plaintext.
| QUOTE (Serbitar) | ||
1.) Joe Normal rolles 8 dice. He is in VR and gets a +2 bonus. He only has to roll 5 times with 8 dice, leading to a cumulative glitch probability of 14% 2.) Glitch does not interrupt the extended test. Only a critical test does. Actually, the chances of him failing due to a glitch that reduces his hits below 0 or of a critical glitch are somehwere of arround 5% percent. 3.) This is JoeNormal hacker vs fucking best encrpytion out there. A standard SR4 shadowrunner hacker will have response 6 and decrypt 6 and hack everything with 99.9% probability in an average of 6 Seconds. Encyryption this way is just another dice roll that means noting. That is anti streamlining. |
1) Imo you don't get VR bonus for that test. You roll response + decrypt - the hacker's skill isn't involved. The interval is 1 turn, not 1 pass - his IP bonuses from VR isn't applied. I view this as a pure computational, number-crunching task for the commlink, the hacker doesn't enter into the equation.
2) I wrongly thought that extended tests was aborted with glitches. Thanks
3) I agree that encryption way, way too easy to break.
| QUOTE (Smokeskin) |
| The whole setup is really just making the OTP extremely large without using extreme amounts of storage. |
Exactly that breaks the proven security of an OTP.
| QUOTE (Rotbart van Dainig) | ||
Exactly that breaks the proven security of an OTP. |
This isn't about proven security. Obviously you need an OTP the size of the data you want to encode if you want proven security that positively can't be broken (unless you did something really stupid when making the OTP). If we don't have the storage for this, we need to find a way to re-use the OTP and make due with security that for all practical purposes is unbreakable. So you use PRNG (pseudo-random) techniques to effectively re-use the OTP. With previously-agreed on secret seeds and a big truly random data source, this won't be something you just pattern-recognize your way through with ease. It is certainly a lot better than just starting over from the start of the OTP.
Also, if pattern recognition was that easy then it would break public key encryption schemes much faster than this (oh wait, in SR4 they do break encryption fast
)
ah, the age old one-time pad, when will the debate ever stop?
| QUOTE (hobgoblin) |
| ah, the age old one-time pad, when will the debate ever stop? |
When they are implemented in the rules?
| QUOTE (Smokeskin @ Aug 21 2006, 01:21 PM) |
| Except the hacker also picks up the (wireless) doublecheck request from the drone and spoofs an Ay response. |
Of course they will, if they HACK the signal and monitors EVERYTHING.
This example would only be done to make simple SPOOF commands harder. If one have already cut through the encryption and monitors everything one might as well hack the drone and take it over.
Spoofing a command will not make YOU the other persona, you will only fake that persona for the time it takes you to give a fake order - it will not continue to make communications with you.
Spoof command can be sent in combat and you will (most of the time) not have time to hack a drone in combat - spoofing is the quicky that makes drones go bonkers.
Hacking a drone will almost always succeed, making spoofing a little harder is something else.
| QUOTE (The Jopp) | ||
Of course they will, if they HACK the signal and monitors EVERYTHING. This example would only be done to make simple SPOOF commands harder. If one have already cut through the encryption and monitors everything one might as well hack the drone and take it over. |
You don't have to hack the signal. We're talking wireless signals here. Unless you've cut through the encryption, you won't be spoofing anything to begin with. If you don't know the commcode of both the drone and the rigger you won't be spoofing anything either, and if you got that, then you will be picking up everything transmitted between them if you want to.
| QUOTE (Smokeskin) |
| You don't have to hack the signal. We're talking wireless signals here. Unless you've cut through the encryption, you won't be spoofing anything to begin with. If you don't know the commcode of both the drone and the rigger you won't be spoofing anything either, and if you got that, then you will be picking up everything transmitted between them if you want to. |
Ah, now we are talking about Sniffer tests and electronic warfare, that's a completely different story where we can edit the commands/information as long as we have cut through the Encryption.
Still, my example was ONLY about limiting Spoofing tests, those still take a lot less time than Sniffing for signals, decrypting signals and in the end editing them.
I agree completely that with hacking and EW skills you can OWN drones - but Spoofing is the fastest in a pinch and such an order I described would curb it's use a bit.
| QUOTE (Smokeskin) | ||||
This isn't about proven security. |
Good. Then it's breakable encryption, and SR4 has rules for doing that. End of the line.
| QUOTE (Smokeskin) |
| Obviously you need an OTP the size of the data you want to encode if you want proven security that positively can't be broken (unless you did something really stupid when making the OTP). |
Using PRNGs suffices.
| QUOTE (Smokeskin) |
| If we don't have the storage for this, we need to find a way to re-use the OTP and make due with security that for all practical purposes is unbreakable. |
If you re-use an OTP, if becomes a running-key cipher - those are trivial to break.
| QUOTE (Smokeskin) |
| Also, if pattern recognition was that easy then it would break public key encryption schemes much faster than this (oh wait, in SR4 they do break encryption fast) |
Bingo.
Excuse me while I wade in with my own 2¥ ...
I think Smokeskin's right. The OTP he describes would be easy, especially if the "page" to be used is broadcast each time.
Could a hacker copy and store the signal, compare all of the transmissions, and find two uses of the same page and so crack part of the transmission? Sure. Sort of. If your OTP table has a million entries, and you change the page three times a second, you'll have enough entries to cover a constant stream of communication for a little over a hundred years without repeating.
But what about the size of such a table? Let's say that one entry is about 4 kilobytes, about the size of a page of text (that's probably a bit high for an OTP page, but let's just say). That would put our million-entry table at around 4 gigabytes (give or take). Elder Scrolls IV takes 4.6 Gb of space. In either case, you can get machines today with that much RAM, never mind storage. A 4-gig file is trivial in a world where three-dimensional sensory rendering can be handled over any distance in real-time. Heck, a 40-gig file is, too.
What Smokeskin is getting at is that there is a strong argument for subscribed systems (such as drones) being unspoofable without first getting a copy of the OTP file. Incidentally, after reading his (or her) argument, I agree with him. Note, please, that this does not render the Spoof program useless; there are plenty of items that take commands but would not be subscribed, such as garage door openers and hotel spa rooms and parking meters. This also does not make the drone un-crackable, but rather means the drone is part of the rigger's PAN, and so that PAN must be cracked to get at the drone, either by stealing the OTP file quietly, or hacking in hard and issuing commands from a more "legitimate" point.
And if you're wondering about how to hack a drone that is being controlled remotely by a rigger who is hiding, well, I'll let you figure that one out yourself; you'll know it when you're on the right Track.
If you're trying to drop a drone, shooting it would work better. If you're trying to dump a rigger who has jumped into a drone, hit it with a directional jammer. They're both faster.
I think Smokeskin's right. The OTP he describes would be easy, especially if the "page" to be used is broadcast each time.
Could a hacker copy and store the signal, compare all of the transmissions, and find two uses of the same page and so crack part of the transmission? Sure. Sort of. If your OTP table has a million entries, and you change the page three times a second, you'll have enough entries to cover a constant stream of communication for a little over a hundred years without repeating.
But what about the size of such a table? Let's say that one entry is about 4 kilobytes, about the size of a page of text (that's probably a bit high for an OTP page, but let's just say). That would put our million-entry table at around 4 gigabytes (give or take). Elder Scrolls IV takes 4.6 Gb of space. In either case, you can get machines today with that much RAM, never mind storage. A 4-gig file is trivial in a world where three-dimensional sensory rendering can be handled over any distance in real-time. Heck, a 40-gig file is, too.
What Smokeskin is getting at is that there is a strong argument for subscribed systems (such as drones) being unspoofable without first getting a copy of the OTP file. Incidentally, after reading his (or her) argument, I agree with him. Note, please, that this does not render the Spoof program useless; there are plenty of items that take commands but would not be subscribed, such as garage door openers and hotel spa rooms and parking meters. This also does not make the drone un-crackable, but rather means the drone is part of the rigger's PAN, and so that PAN must be cracked to get at the drone, either by stealing the OTP file quietly, or hacking in hard and issuing commands from a more "legitimate" point.
And if you're wondering about how to hack a drone that is being controlled remotely by a rigger who is hiding, well, I'll let you figure that one out yourself; you'll know it when you're on the right Track.
If you're trying to drop a drone, shooting it would work better. If you're trying to dump a rigger who has jumped into a drone, hit it with a directional jammer. They're both faster.
| QUOTE (Rotbart van Dainig) | ||
Good. Then it's breakable encryption, and SR4 has rules for doing that. End of the line. |
Then you haven't understood the situation. Even if you had pattern recognition hardware that cracked anything in seconds, you would still need to collect transmissions for hours upon hours before getting enough to see a pattern in.
| QUOTE (Rotbart van Dainig) | ||
Using PRNGs suffices. |
Which we obviously doesn't use. Getting random data isn't that hard. Buy some hardware that measures brownian movement and you're set. It may not have the perfect distribution to make it fit for monte christo calculations, but there won't be a pattern in it.
| QUOTE (Rotbart van Dainig) | ||
If you re-use an OTP, if becomes a running-key cipher - those are trivial to break. |
They're trivial to break if the cipher is used a lot of times. The major part of the OTP is enough random data to encode 2 hours worth of transmission. At 2 hours, you have nothing to pattern recognize on. Repeat it many times and you might get something.
But we don't repeat it many times. We shuffle it with a PRNG every run. That means basically, you get to see 1 number from my PRNG every 2 hours (if you could crack the random stream encoding, which you haven't yet). You'll need quite a lot of these numbers to establish the underlying PRNG.
But wait, we also feed the PRNG seeds from a smaller random OTP table. So you don't have a pattern there, that'll take a lot of effort to figure that one out.
You get all these problems on top of each-other. You're looking at the very least at weeks of transmission and probably years before you have enough to begin breaking the code.
| QUOTE (Rotbart van Dainig) | ||
Bingo. |
The also part was just to add a further complication, that perhaps isn't a complication in SR4. Breaking key encryption method is different though, they really just require you to get the public exchanges and a lot of number crunching. With this "extended use OTP system" you need so much transmission to crack it that for all practical intents of purposes, it is uncrackable.
| QUOTE (Smokeskin) | ||||
Then you haven't understood the situation. Even if you had pattern recognition hardware that cracked anything in seconds, you would still need to collect transmissions for hours upon hours before getting enough to see a pattern in. |
and thats when you change the time between tests from 1 combat turn to maybe 1 hour or even 1 day, as that will be about the only diffrence...
| QUOTE (hobgoblin @ Aug 21 2006, 08:43 PM) |
| and thats when you change the time between tests from 1 combat turn to maybe 1 hour or even 1 day, as that will be about the only diffrence... |
Yeah. If you make the decrypting extended test periods that long, and you need full-bandwidth transmission of that length to even make the test, then for pretty much any practical comms application it will effectively unbreakable. If you transmit continously on the same onetime pad for hours or days on end, you deserve to be listened in on.
I thought it might aid the discussion to explain a bit more about OTP use. But I'm feeling lazy, so I'll just copy and paste from Wikipedia:
| QUOTE (Wikipedia entry "One-Time Pad") |
| The Vernam-Mauborgne one-time pad was recognized early on as very difficult to break, but its special status was only realized by Claude Shannon some 25 years later. He proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy: that is, the ciphertext gives absolutely no additional information about the plaintext. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. And in fact all plaintexts are equally probable. This is a strong notion of cryptanalytic difficulty. [4] Despite Shannon's proof of its security, the one-time pad has serious drawbacks in practice: * it requires perfectly random one-time pads * secure generation and exchange of the one-time pad material, which must be at least as long as the message * careful treatment to make sure that it forever remains secret from any adversary, and is disposed of correctly preventing any reuse in whole or part — hence "one time". See data remanence for a discussion of difficulties in completely erasing computer media. These implementational difficulties have led to one-time pad systems being broken, and are so serious that they have prevented the one-time pad from being adopted as a widespread tool in information security. |
Based on what I have been reading here, it seems the most logically way is just extending the period on when you can do your extended test. I know for my group, forcing a successful decryption to hours is going to effectively make it unbreakable for a specific run, as none of my players are going to wait that long if they are doing everything else on the fly.
As to the reality of unbreakable encryption or just ones that take a long time...I don't think I, nor any of my players, care to try to parallel the realworld with these kinds of mechanics...
I think I am also fine with making a subscribed drone unabled to be hacked unless the riggers comm is hacked first and then spoofed. I would still allow sniffed traffic, but that is of limited usage, IMO, when you are trying to gain control or get past a drone quickly...
As to the reality of unbreakable encryption or just ones that take a long time...I don't think I, nor any of my players, care to try to parallel the realworld with these kinds of mechanics...
I think I am also fine with making a subscribed drone unabled to be hacked unless the riggers comm is hacked first and then spoofed. I would still allow sniffed traffic, but that is of limited usage, IMO, when you are trying to gain control or get past a drone quickly...
| QUOTE (Smokeskin) |
| Then you haven't understood the situation. Even if you had pattern recognition hardware that cracked anything in seconds, you would still need to collect transmissions for hours upon hours before getting enough to see a pattern in. |
That was thought for WEP, too - and proven wrong.
| QUOTE (hobgoblin) |
| and thats when you change the time between tests from 1 combat turn to maybe 1 hour or even 1 day, as that will be about the only diffrence... |
No problem with that houserule, apply it to every encryption and proceed.
| QUOTE (Aaron @ Aug 21 2006, 09:08 PM) | ||
Discuss. |
Generating random one-time pads isn't a problem anymore. In 2070 it certainly won't be.
Exchange of OTP takes preparation, which means it won't be used for "casual", daily use. Military, high-end security, black ops, shadowrunners - they'll prepare properly.
Securing the OTP is a great hook. You need to find the rigger instead of just hacking the drone. Or you infiltrate the corp's security before the raid to get their OTPs. Or someone steals your team's OTP. Imo much of this stuff is better than random, on the fly generated encryption.
The reason OTPs are relatively uninteresting today is that public key encryption is a lot easier and still effectively unbreakable - it takes enormous resources and a very long time. There just isn't much reason to use OTPs. If you give every hacker access to a quantum computing module that'll crack public key encryption in seconds, that all changes.
| QUOTE (Rotbart van Dainig) | ||
That was thought for WEP, too - and proven wrong. |
Well, that doesn't really have much to do with this situation, does it? If you have 2 hours worth of random stream to encode with, you of course will need several hours of transmission to begin pattern matching. You need 4 hours to just get 2 passes, the absolute minimum to match anything.
Has anyone stopped to think.... Maybe its something new.... Maybe we're bringing an overcomplicated view to the table.... Maybe this view is going to overcomplicate things... Maybe this overcomplication isnt going to be fun....
Just My Opinion...
Just My Opinion...
| QUOTE |
| As to the reality of unbreakable encryption or just ones that take a long time...I don't think I, nor any of my players, care to try to parallel the realworld with these kinds of mechanics... |
any encryption is in theory breakable, its just that the brute force way (trying every key until one works) takes so long time that its not practical.
same thing with physical security. you cant make something 100% secure. instead you make it take so long that most others will go look for a quicker target.
| QUOTE (hobgoblin) |
| any encryption is in theory breakable, its just that the brute force way (trying every key until one works) takes so long time that its not practical. |
Onetime pads aren't breakable. You're literally just as likely to get Legally Blonde 2 or next year's trideo hit as the drone's sensor feed if you try a bruteforce approach. You get the pad or you don't break the encryption.
| QUOTE (Smokeskin) |
| Well, that doesn't really have much to do with this situation, does it? If you have 2 hours worth of random stream to encode with, you of course will need several hours of transmission to begin pattern matching. You need 4 hours to just get 2 passes, the absolute minimum to match anything. |
It does, as there was the same claim you just made. What you need are some packets with the same code, and as you choose pseudo-randomly, that can happen pretty fast.
| QUOTE (Smokeskin) |
| Onetime pads aren't breakable. |
If perfectly implemented.
If you don't like easily breakable encryption, increase the interval.
While you are at it, increase firearm damage, the thresholds for breaking mag-locks, etc.
Just going going for a 'more realistic' approach on one aspect of the game unbalances it.
there's no such thing as a perfectly-implemented OTP. to do that, we'd first need a way to generate perfectly random numbers, and at the moment, all we have are ways to generate usefully (but imperfectly) random numbers. key word being 'useful'; for most intents and purposes, OTPs are unbreakable--as long as we understand 'unbreakable' to actually mean 'unbreakable within any useful timeframe'.
using OTP encryption on drones is, basically, using it wrong. there's nothing one-time about drone communication; by its nature, drone control is generally managed through a stream of constant communication. same with using it for team commo. to use OTPs correctly, you have to do what the name implies--use them one time. every time you use them, the chance that your code will be broken increases.
but i think there's a good way to mimic the behavior of OTPs in the rules, without unbalancing things. here's how i'd do it. i think it's pretty balanceable (i'm providing the framework the rules should be based on, not the rules).
basically, OTP encryption should be very strong, but should degrade over time, if used for something like team commo or drone control. i'd suggest something like this: give OTP encryption an effective rating equal to the square of its actual rating, for the purposes of decryption. in other words, if i'm using rating 4 OTP encryption, you have to decrypt it as if it were rating 16. however! the actual rating (4) would decrease over time. let's say something like -1 actual rating per hour. after an hour of drone control, the OTP's actual rating would be 3, effective rating 9. after two hours, 2 and 4. and so on. the reason it degrades is, there are lots of transmissions out there to collate, and the number of transmissions available for collation increases as time goes by. we just assume that searching for transmissions sent from the identified source is part of the decryption process.
et voila.
using OTP encryption on drones is, basically, using it wrong. there's nothing one-time about drone communication; by its nature, drone control is generally managed through a stream of constant communication. same with using it for team commo. to use OTPs correctly, you have to do what the name implies--use them one time. every time you use them, the chance that your code will be broken increases.
but i think there's a good way to mimic the behavior of OTPs in the rules, without unbalancing things. here's how i'd do it. i think it's pretty balanceable (i'm providing the framework the rules should be based on, not the rules).
basically, OTP encryption should be very strong, but should degrade over time, if used for something like team commo or drone control. i'd suggest something like this: give OTP encryption an effective rating equal to the square of its actual rating, for the purposes of decryption. in other words, if i'm using rating 4 OTP encryption, you have to decrypt it as if it were rating 16. however! the actual rating (4) would decrease over time. let's say something like -1 actual rating per hour. after an hour of drone control, the OTP's actual rating would be 3, effective rating 9. after two hours, 2 and 4. and so on. the reason it degrades is, there are lots of transmissions out there to collate, and the number of transmissions available for collation increases as time goes by. we just assume that searching for transmissions sent from the identified source is part of the decryption process.
et voila.
| QUOTE (mfb @ Aug 21 2006, 02:34 PM) |
| using OTP encryption on drones is, basically, using it wrong. there's nothing one-time about drone communication; by its nature, drone control is generally managed through a stream of constant communication. same with using it for team commo. to use OTPs correctly, you have to do what the name implies--use them one time. every time you use them, the chance that your code will be broken increases. |
Yes, but the drone is never going to be in constant use, is it? Even the most self-sufficient drone will need to be brought in for occasional repairs or preventative maintenence, and most will be running off of batteries or fuel sources that need to be replinished. At this point the OTPs can be exchanged, just as the oil is being changed. A smart runner will probably be changing his OTPs daily, or at best weekly. I mean it's not like drones have to be permenant or even semi-permenant installations.
i meant "in constant use", eg for streaming traffic as opposed to single, discrete messages. yes, a rigger can (and should, since it won't last forever) change his 'OTPs' frequently. that's the downside to using them.
Not much of a downside for a rigger, as he gets direct access to the drone every once in awhile, albeit intermittently. During those times it would be pretty trivial to hook up a hard line to transmit that week/month's OTP set. It'd just be part of routine maintenence; heck by 2070 a good random number source would probably be a standard part of any good set of mechanic's tools, rather like laptops and other electronics gadgets are quickly becoming standard tools for dealing with the onboard computers of most newer cars.
(Edit): Yes, much data is going to have to change hands for a rigging interface to work. This does mean a whole lot of storage will be necessary to keep up with a true OTP encrypt, but then storage is aparently very cheap in 2070 so it's no big deal.
(Edit): Yes, much data is going to have to change hands for a rigging interface to work. This does mean a whole lot of storage will be necessary to keep up with a true OTP encrypt, but then storage is aparently very cheap in 2070 so it's no big deal.
there are balancing factors you can fudge to make it workable. the time it takes the OTP to degrade, for one; if your rating 6 OTP degrades to 0 after 6 hours, you might not want to use it on extended operations. i'm not suggesting these rules are strictly realistic; if you're looking for strict realism, i can think of a lot better places to start no matter what edition of the game you're playing. but i think rules like these could help make encryption a bit more believable--if not, as i said, make them actually realistic.
| QUOTE (Rotbart van Dainig) | ||
It does, as there was the same claim you just made. What you need are some packets with the same code, and as you choose pseudo-randomly, that can happen pretty fast. |
Could you go back and re-read it? There is a 2-hour stream of random data to encode with - this is the perfect part of the OTP. Encrypting something with a stream of random data IS completely unbreakable. The PRNG is only used to mix the random stream after there's been transmitted for over 2 hours. The first 2 hours the enemy has recorded perfect static. The next 2 hours, they also get static, but there is some artefacts from the PRNG. If the enemy had the 2-hour random stream part of the OTP and they had the plaintext too, they'd effectively get to see one number from the PRNG. After 8 hours, they'd have 3 numbers from the PRNG. Breaking a PRNG, even with any amount of technical advancement, is impossible with only 3 numbers. Having the random stream at this point is also completely impossible, unless they got hold of the plaintext. They might have a few parts of it, but without the PRNG they can't decode it yet.
Sure, this system can't run indefinately. But the enemy only gets one glimpse at the guts of the PRNG every 2 hours. Just becasuse there is a PRNG in there, it doesn't mean that it is easily breakable. You need to get a lot of samples from a PRNG before the numbers start being predictable.
And too add further complications, the PRNG is fed random numbers from another random OTP table. And in the original example I even had different PRNGs also selected from a random OTP table.
| QUOTE (mfb @ Aug 22 2006, 12:34 AM) |
| there's no such thing as a perfectly-implemented OTP. to do that, we'd first need a way to generate perfectly random numbers, and at the moment, all we have are ways to generate usefully (but imperfectly) random numbers. key word being 'useful'; for most intents and purposes, OTPs are unbreakable--as long as we understand 'unbreakable' to actually mean 'unbreakable within any useful timeframe'. using OTP encryption on drones is, basically, using it wrong. there's nothing one-time about drone communication; by its nature, drone control is generally managed through a stream of constant communication. same with using it for team commo. to use OTPs correctly, you have to do what the name implies--use them one time. every time you use them, the chance that your code will be broken increases. |
You're mixing up 2 different properties and uses for random numbers.
For cryptology, you really just need unpredictability. It doesn't really matter that the bit-stream only has 49% 0s and 51% 1s, as long as it is unpredictable. The encryption strength doesn't really suffer from this lack of perfect distribution - it makes pattern matching a tiny little bit easier if you keep on re-using the OTP, but it doesn't give any decryption risk at all for the first pass. It isn't hard to make random numbers like that, basically some equipment measuring any natural random process will do, like a sensor looking at brownian movement in a liquid, or perhaps something looking at properties of air currents, with the feed recorded by your computer. You can buy packages that do this today.
For many other applications, you need perfect distribution. That's the really hard part to get, and what most refer to when talking about how hard random numbers are to generate.
Using OTP on drones wouldn't be using it wrong. You just need a large OTP. How much recording capacity do you assume a drone has? 8 hours? Use 25% of that space for an OTP, and you have 2 hours of continous full-sensor transmission completely secure.
unpredictability works, for cryptology, but not as well as true randomness. if it's truly random, there's basically no breaking it. if it's just unpredictable, it's possible to find patterns if you have enough material to work with. generating less-than-random OTPs means that, eventually, someone's going to crack the system that you use for generating OTPs. at which point, you're screwed.
| QUOTE (mfb) |
| there's no such thing as a perfectly-implemented OTP. to do that, we'd first need a way to generate perfectly random numbers, and at the moment, all we have are ways to generate usefully (but imperfectly) random numbers. |
By "random" we mean "without a discernable mathematical pattern." Certainly, mathematically-generated random numbers will have a discernable pattern. However, a non-mathematical algorithm, such as a random list generated by the the keyboard mashing common to PGP key generation, is suitably random for an unbreakable OTP table.
| QUOTE (Aaron) |
| However, a non-mathematical algorithm, such as a random list generated by the the keyboard mashing common to PGP key generation, is suitably random for an unbreakable OTP table. |
No. It may suffice for some time.
Even atomic decay or interstellar radiation were found having patterns.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.